If you would like to use *USRIDPWD as your lowest authentication method, follow the steps below.

  1. Set the system value to retain server security data. On both production and backup, run the following command:
    DSPSYSVAL QRETSVRSEC

    The value should be set to 1. If it is not, change it to 1 by running the following command:
    CHGSYSVAL SYSVAL(QRETSVRSEC) VALUE(1) 
  1. Add Server Authorization entries.

    A Server Authority entry is essentially a cross-reference between a local and remote user profile. It is used whenever a job needs to start a DDM connection to a remote system that is configured with *USRIDPWD as the lowest authentication method.  It specifies that a job running under user A on the local system should connect to the remote system as user B, with password C.  The password is stored by the system in encrypted form.

    The setup must be performed on both systems because Robot HA initiates remote DDM connections both ways between Production and Backup.

    It is a good idea to have a separate ‘service’ profile for the remote connections. This can be the same profile on both systems or could be a different profile on each system. In our examples below we use ROBOTHA as the service profile to use for the DDM connection. Whatever profile(s) you use, make sure that the profile chosen has authority to QPGMR. 


    On the production system
    On the production system, Robot HA uses profile QSECOFR in the background to make connections.  Therefore, the following server Authority entry needs to be created:

    ADDSVRAUTE USRPRF(QSECOFR) SERVER(QDDMDRDASERVER) USRID(ROBOTHA) PASSWORD( )

    Note:
    The special value QDDMDRDASERVER allows this server authority entry to be used for a connection to any remote system for which the specified profile and password are valid. It must be entered in upper case.

    If you are replicating to more than one backup system and wish to use a different profile (or password) for each system you can specify the name of the server, rather than QDDMDRDASERVER. For example:

    ADDSVRAUTE USRPRF(QSECOFR) SERVER(BACKUP1) USRID(ROBOTHA1) PASSWORD( )
    ADDSVRAUTE USRPRF(QSECOFR) SERVER(BACKUP2) USRID(ROBOTHA2) PASSWORD( )


    On the backup system
    On the backup system, Robot HA uses profile RSFSRV.  Therefore, the following server authority entry needs to be created:

    ADDSVRAUTE USRPRF(RSFSRV) SERVER(QDDMDRDASERVER) USRID(ROBOTHA) PASSWORD( )
    or
    ADDSVRAUTE USRPRF(RSFSRV) SERVER(PRODUCTION) USRID(ROBOTHA) PASSWORD( )


    On both systems:
    After the Server authority entries have been created you can now specify to require a password. Run this command on both systems:

    CHGDDMTCPA AUTOSTART(*YES) PWDRQD(*USRIDPWD) ENCALG(*DES)

 


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: July 29, 2019